
No commits in common. "ce1babbeda57d1c01ba99e3fd40e4d62a62abe3d" and "789282c82bd0eb1c986da9633eb490f8f27a2db9" have entirely different histories.

10 changed files with 85 additions and 49 deletions


@ -1,9 +1,7 @@
---
- name: update_contact_info - name: update_contact_info
ansible.builtin.command: ansible.builtin.command:
cmd: dehydrated --account cmd: dehydrated --account
- name: run dehydrated - name: query_certificates
ansible.builtin.command: ansible.builtin.command:
cmd: dehydrated --cron cmd: dehydrated --cron


@ -1,46 +1,82 @@
--- ---
- ansible.builtin.import_tasks:
file: remove_conflicting.yaml
tags: [ never, acme_remove_conflicting ]
- name: Install Dehydrated - name: Install Dehydrated
tags: [ acme, acme_install ]
block:
- name: Install dependencies
ansible.builtin.apt: ansible.builtin.apt:
name: ssl-cert
state: present state: present
pkg:
- dehydrated
tags:
- acme
- name: Create Nginx snippet snippets dir - name: Install Dehydrated
ansible.builtin.file: ansible.builtin.apt:
state: "directory" name: dehydrated
path: "/etc/nginx/snippets" state: present
owner: "root"
group: "root"
mode: "0755"
- name: Template dehydrated configfiles - name: Install config file
ansible.builtin.template: ansible.builtin.template:
src: "{{ item.src }}" src: config.sh
dest: "{{ item.dest }}" dest: /etc/dehydrated/conf.d/ansible.sh
owner: "{{ item.owner | default('root') }}" owner: root
group: "{{ item.group | default('root') }}" group: root
mode: "{{ item.mode | default('0640') }}" mode: 0755
notify: "{{ item.notify | default([]) }}" notify: update_contact_info
with_items:
- { src: "config.sh", dest: "/etc/dehydrated/conf.d/ansible.sh", mode: '0755' }
- { src: "deploy.sh", dest: "/etc/dehydrated/conf.d/deploy.sh", mode: '0755' }
- { src: "cron", dest: "/etc/cron.d/dehydrated" }
- { src: "nginx-snippet.conf", dest: "/etc/nginx/snippets/acme.conf" }
- { src: "domains.txt", dest: "/etc/dehydrated/domains.txt", notify: "run dehydrated" }
- name: Register account - name: Install deploy hook
ansible.builtin.template:
src: deploy.sh
dest: /etc/dehydrated/conf.d/deploy.sh
owner: root
group: root
mode: 0755
- name: Install cronjob
ansible.builtin.template:
src: cron
dest: /etc/cron.d/dehydrated
owner: root
group: root
mode: 0644
- name: Create Nginx snippet snippets dir
ansible.builtin.file:
state: directory
path: /etc/nginx/snippets
owner: root
group: root
mode: 0755
- name: Install Nginx snippet
ansible.builtin.template:
src: nginx-snippet.conf
dest: /etc/nginx/snippets/acme.conf
owner: root
group: root
mode: 0644
- name: Register account
ansible.builtin.command: ansible.builtin.command:
args:
cmd: dehydrated --register --accept-terms cmd: dehydrated --register --accept-terms
args:
creates: /var/lib/dehydrated/accounts creates: /var/lib/dehydrated/accounts
- name: Symlink SAN domains - tags: [ acme, acme_certs ]
block:
- name: Configure certificates
ansible.builtin.template:
src: domains.txt
dest: /etc/dehydrated/domains.txt
owner: root
group: root
mode: 0644
notify: query_certificates
- name: Symlink SAN domains
ansible.builtin.include_tasks: ansible.builtin.include_tasks:
file: san_domains_loop.yaml file: san_domains_loop.yaml
loop: "{{ acme_san_domains|default([]) }}" loop: "{{ acme_san_domains|default([]) }}"
loop_control: loop_control:
loop_var: domains loop_var: domains
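Review bot: The file modes in the expanded template and file tasks are written as bare numbers (`mode: 0755`, `mode: 0644`), whereas the loop they replace passed them as quoted strings. A leading-zero plain scalar is only read as octal under YAML 1.1 rules, so a dropped zero or a different parser would silently apply other permissions to root-owned files under /etc/dehydrated, /etc/cron.d and /etc/nginx/snippets; quoting removes the ambiguity, e.g. `mode: "0755"` and `mode: "0644"`. The leading `ansible.builtin.import_tasks` entry also has no `name:`, which makes it harder to find in run output. The old/new assignment is read from the side-by-side layout and the hunk counts, since the page carries no +/- markers.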


@ -1,4 +1,9 @@
--- ---
- name: Remove certbot from apt
ansible.builtin.apt:
name: [ letsencrypt, certbot ]
state: absent
autoremove: yes
- name: Remove variable directories - name: Remove variable directories
ansible.builtin.file: ansible.builtin.file:
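Review bot: `autoremove: yes` on the added "Remove certbot from apt" task removes every package apt currently considers unused, not only what letsencrypt and certbot pulled in, so it deserves a comment such as `# autoremove also drops unrelated unused dependencies` or should be left out. The boolean is better written canonically as `autoremove: true`. If this is the remove_conflicting.yaml that the main tasks file imports under the `never` tag, then together with the deletion of letsencrypt and certbot from `debian_packages_unwanted` further down the page, certbot removal appears to become opt-in; confirm that hosts with an existing certbot install are still cleaned up. The "Remove variable directories" task continues outside the hunk.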


@ -1,5 +1,4 @@
--- ---
- ansible.builtin.stat: - ansible.builtin.stat:
path: "/var/lib/dehydrated/certs/{{ domains[0] }}" path: "/var/lib/dehydrated/certs/{{ domains[0] }}"
register: cert_stat register: cert_stat


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# {{ ansible_managed }} # Managed by Ansible
CONTACT_EMAIL={{ notify_email }} CONTACT_EMAIL={{ notify_email }}


@ -1,4 +1,4 @@
# {{ ansible_managed }} # Managed by Ansible
SHELL=/bin/sh SHELL=/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# {{ ansible_managed }} # Managed by Ansible
systemctl reload nginx.service systemctl reload nginx.service


@ -1,4 +1,4 @@
# {{ ansible_managed }} # Managed by Ansible
{% for domain in acme_domains|default([]) %} {% for domain in acme_domains|default([]) %}
{{ domain }} {{ domain }}


@ -1,4 +1,4 @@
# {{ ansible_managed }} # Managed by Ansible
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
allow all; allow all;


@ -17,5 +17,3 @@ node_exporter: true
debian_packages_unwanted: debian_packages_unwanted:
- netcat-traditional - netcat-traditional
- letsencrypt
- certbot